Data protection

Meyer & Meyer Holding SE & Co. KG 
Hettlicher Masch 15/17
49084 Osnabrück
Phone: +49 541 9585-01
E-mail: info@meyermeyer.com

Meyer & Meyer Holding SE & Co. KG
For the attention of the Data Protection Officer 
Hettlicher Masch 15/17
49084 Osnabrück
E-mail: privacy@meyermeyer.com

Every data subject has the right to

• Information (Art. 15 GDPR)- rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)- Objection (Art. 21 GDPR) 
• Data portability (Art. 20 GDPR)

Consent given to the processing of personal data can be revoked at any time.
You also have the right to lodge a complaint with a competent data protection supervisory authority. You can find an overview of the competent supervisory authorities at the following link https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html 

When selecting our external services and service providers on our website, we make sure to use European companies wherever possible. Only in exceptional cases will we have data processed outside the European Union or the European Economic Area in the context of using third-party services.

We only authorise data processing in third countries if the special requirements of Art. 44 et seq. GDPR are fulfilled. As a rule, we will obtain consent from data subjects in accordance with Art. 49 GDPR before such data transfer.

Alternatively, data may be processed on the basis of special guarantees, e.g. the EU Commission's officially recognised determination of a level of data protection corresponding to the EU (e.g. EU-US Data Privacy Framework) or compliance with officially recognised special contractual obligations (e.g. standard data protection clauses).

We would like to point out that in countries outside the EU/EEA, a level of data protection comparable to that in the EU cannot be guaranteed. For example, US companies may be obliged to hand over personal data to security authorities without data subjects being able to take legal action against this. It can therefore not be ruled out that US authorities may process, analyse and permanently store data on US servers for surveillance purposes.

Purposes of data processing
When you visit our website, information of a general nature is automatically collected. This information from website visitors includes, for example, the type of web browser, the operating system used, the domain name of the Internet service provider, the IP address and similar information.
It is processed for the following purposes in particular:
• Ensuring a smooth connection to the website,
• ensuring the smooth use of our website and
• ensuring and analysing system security and stability, in particular for the detection of misuse and
• for the technically error-free presentation and optimisation of our website.
We do not use data to draw conclusions about individuals. However, we reserve the right to check server log files retrospectively if there are concrete indications of illegal use.

Legal basis
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website as well as ensuring system security and detecting misuse.

Storage period
In principle, we delete personal data when it is no longer required for the defined purpose of data processing and no statutory retention obligations prevent deletion. IP addresses and names of Internet service providers used are stored by our external service provider, where our website is hosted, for a maximum period of seven days and then deleted.

Categories of recipients 
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.

Provision prescribed or required
The provision of personal data is neither legally nor contractually required. Failure to provide data may mean that the functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.

Purposes of data processing
When our website is accessed, cookies are stored on the end device of the website visitor. We make a fundamental distinction here between cookies that are necessary for us, which enable us to provide basic and flawless functions of the website, and cookies that may be used by third-party services.

Legal basis
Cookies that are necessary for us are processed on the basis of Section 25 (2) No. 2 TDDDG.
The processing of other cookies is based on your consent in accordance with Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. Art. 6 para. 1 lit. a GDPR.

Criteria for determining the storage period 
The data is deleted as soon as it is no longer required for the purpose for which it was collected. Detailed information on the storage duration of cookies can be found in our Consent Management Platform (CMP). Our CMP can be accessed via the icon at the bottom left of our website.

Categories of recipients 
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.

Provision prescribed or required
The provision of personal data is neither legally nor contractually required. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.

Revocation of consent
Consent can be revoked at any time in our CMP. Our CMP can be accessed via the icon at the bottom left of our website.

Profiling
Web analysis tools can be used to evaluate the behaviour of visitors to our website and analyse their interests. 

Purposes of data processing 
We use a Consent Management Platform (CMP) on our website to manage the consents of our website visitors. This requires the use of cookies in order to save the consent options selected.

Legal basis
The CMP is used on the basis of Art. 6 para. 1 lit. c GDPR to fulfil our legal obligation.

Storage period
The storage period for consent data is 12 months from the date of consent.

Categories of recipients 
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.

Provision prescribed or required
The provision of personal data is voluntary. If you do not provide it, you will unfortunately not be able to use our website.

Description and purpose of data processing
We use Google Tag Manager on our website. Google Tag Manager is a tool with which website tags can be integrated and managed centrally via a user interface. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and deliver the tools integrated via it. 

Legal basis
The processing is based on the consent of our website visitors in accordance with Art. 6 para. 1 lit. a GDPR.

Recipient
The Google Tag Manager stores IP addresses, which can also be transmitted to the provider who acts as a processor for us. The provider of the service is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). 
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.

Criteria for determining the storage period 
The data is deleted as soon as it is no longer required for the purpose for which it was collected. Detailed information on the storage duration of cookies can be found in our Consent Management Platform (CMP). Our CMP can be accessed via the icon at the bottom left of our website.

Provision prescribed or required
The provision of personal data is voluntary. Failure to provide it has no consequences for website visitors.

Revocation of consent
Consent can be revoked at any time in our CMP. Our CMP can be accessed via the icon at the bottom left of our website.

Description and purpose of data processing
We use the web analysis service Google Analytics on our website. The service uses cookies that enable us to analyse the use of our website. 
IP anonymisation is used on our website. The IP address of visitors is truncated within the member states of the EU and the European Economic Area. This truncation eliminates the personal reference of the IP address. 

Legal basis
The processing is based on the consent of our website visitors in accordance with Art. 6 para. 1 lit. a GDPR.

Recipient
The data is transferred to the provider of the web analysis service, which acts as a processor for us. The provider of the service is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.

Criteria for determining the storage period
The data is deleted as soon as it is no longer required for the purpose for which it was collected. Detailed information on the storage duration of cookies can be found in our Consent Management Platform (CMP). Our CMP can be accessed via the icon at the bottom left of our website.

Provision prescribed or required
The provision of personal data is voluntary. Failure to provide it has no consequences for website visitors.

Revocation of consent
Consent can be revoked at any time in our CMP. Our CMP can be accessed via the icon at the bottom left of our website.
In addition, website visitors can prevent their data from being saved by making the appropriate settings in their browser. This may mean that some functions of our website cannot be used to their full extent. Furthermore, the processing by the provider of the web analysis service can be prevented by installing a browser plugin (under this link).

Profiling
The web analysis service can be used to evaluate the behaviour of website visitors and analyse their interests. A pseudonymised user profile is created for this purpose.

Description and Purpose of Data Processing

Our website uses technologies from SalesViewer® GmbH to analyze visitor behavior. In this process, the IP address of a visitor is processed. The IP address is used to help us understand which companies (B2B) visit our website. During the processing, the IP address is enriched with related information such as the company name or industry code. For this purpose, at the beginning of the session, the IP address of the website visitor and the corresponding session data are matched with an extensive whitelist of known companies.

Legal Basis

Processing is based on the consent of our website visitors in accordance with Art. 6 (1) (a) GDPR and serves to optimize our products as well as our sales and marketing services.

Categories of Recipients

The data is transferred to the provider of the web analysis service, who acts as a data processor on our behalf. A corresponding data processing agreement has been concluded.

In order to manage our business processes, we may transfer personal data to third parties (e.g., IT service providers, cloud service providers, hosting providers, etc.) who act as our processors under instruction. In such cases, all third parties are contractually obligated to treat personal data confidentially.

Criteria for Determining Storage Duration

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected, and there are no legal retention obligations preventing deletion. Detailed information on cookie storage durations can be found in our Consent Management Platform (CMP). You can access our CMP via the icon in the bottom left corner of our website.

Withdrawal of Consent

Consent can be withdrawn at any time via our CMP. You can access our CMP via the icon in the bottom left corner of our website.
Additionally, visitors can prevent storage by adjusting their browser settings accordingly. This may result in certain functions of our website not being fully usable.
You can object to the collection and storage of data at any time with effect for the future by clicking the following link: www.salesviewer.com/opt-out, which will prevent SalesViewer® from collecting data on this website in the future. An opt-out cookie will be stored on your device for this website. If you delete your cookies in this browser, you will need to click this link again.

Provision Mandatory or Required

The provision of personal data is voluntary. Non-provision has no consequences for website visitors.

Description and purpose of data processing
We use the LinkedIn Insight Tag on our website. This is an analysis and marketing tool provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. The LinkedIn Insight Tag enables us in particular to measure the effectiveness of our LinkedIn advertisements, form website target groups and optimise our marketing measures.

The LinkedIn Insight Tag collects and processes pseudonymised usage data, which allows for a statistical evaluation of visitor behaviour on our website. It is not possible for us to directly identify individual persons. LinkedIn can assign the collected data to its user profile if the person concerned is registered with LinkedIn.

Legal basis
Processing is based on the consent of our website visitors in accordance with Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG (formerly § 25 TTDSG).

Recipients and joint responsibility
We are jointly responsible with LinkedIn Ireland Unlimited Company for processing within the scope of the LinkedIn Insight Tag in accordance with Art. 26 GDPR. Joint responsibility relates in particular to the collection and transmission of event data and its use for analysis and marketing purposes. The essential contents of the joint responsibility agreement are provided by LinkedIn: Page Insights Joint Controller Addendum.

Further information on data processing by LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy

Data subjects can assert their data protection rights both against us and against LinkedIn. In accordance with the joint responsibility agreement, LinkedIn is responsible in particular for fulfilling the rights of data subjects with regard to the data stored by LinkedIn. When using the LinkedIn Insight Tag, information about the use of our website may be processed, in particular page views, timestamps, device information and IP addresses. The processing is carried out in pseudonymised form.

It cannot be ruled out that personal data may be transferred to LinkedIn companies in the United States. LinkedIn is certified under the EU-US Data Privacy Framework, meaning that the transfer is based on an adequacy decision in accordance with Article 45 of the GDPR. In addition, LinkedIn uses appropriate safeguards, in particular standard contractual clauses in accordance with Article 46 of the GDPR.

Criteria for determining the storage periodThe data we process will be deleted as soon as it is no longer required for the stated purposes. Cookies set by the LinkedIn Insight Tag and comparable technologies are stored for a period of 180 days.

Provision mandatory or necessary
The provision of personal data is voluntary. Failure to provide such data has no consequences for website visitors.

Withdrawal of consent
Consent can be withdrawn at any time in our CMP. Our CMP can be accessed via the icon at the bottom left of our website.

Purposes of data processing 
The data entered in our contact forms is stored for the purpose of personalised communication with the person entering it. For this purpose, it is necessary to enter the data in the input fields marked with an asterisk. This data is used to allocate an enquiry and subsequently answer it. The provision of further data is optional and voluntary.

Legal basis
The data entered in the contact form is processed on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. By providing the contact form, we want to make it easy for you to contact us. Information provided will be stored for a limited period of time for the purpose of processing the enquiry and for possible follow-up questions.
Alternatively, processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (e.g. in the case of a request for a quote or similar).

Storage period
The data collected will be deleted no later than six months after the enquiry has been processed. If there is a contractual relationship, the storage period is based on the relevant legal requirements.

Categories of recipients 
In principle, only those persons have access to personal data transmitted via our contact forms who need it to process contact enquiries. In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.

Provision prescribed or required
The provision of personal data is neither legally nor contractually required. However, contact enquiries can only be processed if the data is provided in the input fields marked with an asterisk.

Purposes of data processing 
In the context of business communication, we process data in order to be able to communicate with our partners. This may be to initiate business or to fulfil contractual and legal obligations, to offer products and to strengthen customer relationships and other purposes.
 

Furthermore, we process the contact details of our business partners and prospective clients for the purpose of maintaining and managing existing business relationships as well as establishing new commercial contacts. Such processing may, in particular, include direct marketing and sales-related communications within the B2B context, to the extent permitted by applicable law and where no consent is required. The processing is based on our legitimate interests in accordance with Article 6(1)(f) GDPR.

Legal bases
Depending on the phase of a contact, the following legal bases may be relevant for the processing of data in this context:
• For the implementation of pre-contractual measures or for the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b GDPR
• For the fulfilment of legal obligations to which we are subject pursuant to Art. 6 para. 1 lit. c GDPR
• For the protection of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR

Criteria for determining the storage period 
Personal data will generally be deleted or blocked as soon as the purpose of storage no longer applies. The purpose is determined by the content of the communication and the respective business transaction. Retention periods are determined for the respective business transactions on a case-by-case basis. As a rule, data is stored for the fulfilment of retention periods under commercial and tax law, unless longer storage is necessary for the defence of legal claims.

Categories of recipients 
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.

Provision prescribed or required
The provision of personal data may be required on the basis of a contractual relationship. If the data is not provided, business communication is unfortunately not possible.

Purposes of data processing 
We process your data if you have sent it to us in connection with an application. In this case, the processing is carried out for the purpose of deciding on the establishment of an employment relationship with us and generally for carrying out an application procedure.

Legal bases
The legal basis is Art. 88 GDPR i.V.m. § Section 26 BDSG and Art. 6 para. 1 lit. b GDPR for the establishment or implementation of a contractual relationship. In addition, we may process your personal data if this is necessary for the fulfilment of legal obligations pursuant to Art. 6 para. 1 lit. c GDPR or pursuant to Art. 6 para. 1 lit. f GDPR for the defence of legal claims asserted against us. If you give us your express consent to process personal data for specific purposes, the legal basis for your consent is Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

Storage period
If no employment contract is concluded with applicants, the application documents will be automatically deleted two months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). In the event of a successful application, we will transfer your application documents to your personnel file.

Categories of recipients 
Your application data will be reviewed by our HR department upon receipt of your application. Suitable applications will then be forwarded internally to the relevant department managers for the respective open position. As a matter of principle, only those persons have access to your personal data who need it for the proper course of our application procedure.
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.

Provision prescribed or required
The provision of personal data is necessary for the lawful execution of the selection process. If your application does not contain all the personal data required for the decision, this may result in your application not being considered.

Revocation of consent
Consent given can be revoked at any time.

Purposes of data processing 
We maintain company profiles on various social networks, job exchanges and comparable platforms. These appearances serve to present the company and create contact channels for interested parties, customers and third parties.

If our profiles in social networks or comparable platforms are used to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data provided to us will be used exclusively for the purpose of communication and processing requests.

If an application procedure is opened as part of the job exchanges we use, we would like to draw your attention to the information on application procedures in this data protection notice in addition to the information in this section.

We would also like to point out that when you visit our profiles on networks and comparable platforms, personal data may also be collected, used and stored by the operators of the respective network and comparable platforms. This happens even if visitors themselves do not have a profile on the respective social network. For a detailed description of the respective data processing of the platforms we use, please refer to the following links to the information provided by the respective providers:

LinkedIn (Provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Privacy policy: https://www.linkedin.com/legal/privacy-policy

XING & Kununu (Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

Instagram (Provider: Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Privacy policy: http://instagram.com/about/legal/privacy/

Facebook (Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Privacy policy: https://www.facebook.com/about/privacy/
Information on Insight data: https://www.facebook.com/legal/terms/information_about_page_insights_data

Indeed (Provider: Indeed Ireland Operations, Ltd., 124 St. Stephen's Green, Dublin 2, Ireland)
Privacy policy: https://de.indeed.com/legal/gdpr_de?hl=de

Stepstone (Provider: The Stepstone Group Deutschland GmbH, Völklinger Straße 1, Düsseldorf, Germany)
Privacy policy: https://www.stepstone.de/e-recruiting/rechtliches/datenschutzerklarung/

finest jobs (Provider: rexx systems GmbH, Süderstrasse 75-79, Hamburg, Germany)
Privacy policy: https://www.finest-jobs.com/Datenschutz

JOBmenue (Provider: Raven51 AG, Reinhold-Frank-Straße 63, Karlsruhe, Germany)
Privacy policy: https://jobmenue.de/datenschutz/

Jobmensa (Provider: Studitemps GmbH, Im Mediapark 4a, Köln, Germany)
Privacy policy: https://www.jobmensa.de/datenschutz

JOIN (Provider: JOIN Solutions GmbH, Schönhauser Allee 36, Berlin, Germany)
Privacy policy: https://join.com/de/datenschutz

markt.de (Provider: markt.de GmbH & Co. KG, Nymphenburger Straße 14, München, Germany)
Privacy policy: https://www.markt.de/datenschutzerklaerung.htm

Legal bases
Depending on the phase of the contact, the following legal bases may be relevant for the processing of data in this context:
• For the implementation of pre-contractual measures or for the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b GDPR
• For the fulfilment of legal obligations to which we are subject pursuant to Art. 6 para. 1 lit. c GDPR
• To safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR

Storage period
We erase stored data as soon as its storage is no longer required or we are requested to erase it. As a rule, data is stored for the fulfilment of retention periods under commercial and tax law, unless longer storage is necessary for the defence of legal claims.

Recipients
We do not pass on collected data to third parties. However, we cannot rule out and have no influence on the extent to which the operators of the respective social networks and comparable platforms pass on data to third parties. In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.

Provision prescribed or required
The provision of personal data is neither legally nor contractually required. Failure to provide it will mean that contact with us via our social networks and comparable platforms will not be possible.